Changeset 2366
- Timestamp:
- 05/23/07 10:43:05 (1 year ago)
- Files:
-
- tags/release-0.9.3.1 (copied) (copied from tags/release-0.9.3)
- tags/release-0.9.3.1/THANKS (modified) (1 diff)
- tags/release-0.9.3.1/net80211/ieee80211_input.c (modified) (6 diffs)
- tags/release-0.9.3.1/net80211/ieee80211_node.c (modified) (2 diffs)
- tags/release-0.9.3.1/net80211/ieee80211_scan.h (modified) (1 diff)
- tags/release-0.9.3.1/net80211/ieee80211_var.h (modified) (1 diff)
- tags/release-0.9.3.1/net80211/ieee80211_wireless.c (modified) (4 diffs)
- tags/release-0.9.3.1/release.h (modified) (1 diff)
tags/release-0.9.3.1/THANKS
r2199 r2366 125 125 Andrew Lunn 126 126 Michael Plourde 127 Md Sohail Ahmad 127 128 128 129 Apologies to anyone whose name was unintentionally left off. tags/release-0.9.3.1/net80211/ieee80211_input.c
r2069 r2366 694 694 /* NB: assumes linear (i.e., non-fragmented) skb */ 695 695 696 /* check length > header */ 697 if (skb->len < sizeof(struct ether_header) + LLC_SNAPFRAMELEN 698 + roundup(sizeof(struct athl2p_tunnel_hdr) - 2, 4) + 2) { 699 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT, 700 ni->ni_macaddr, "data", "%s", "decap error"); 701 vap->iv_stats.is_rx_decap++; 702 IEEE80211_NODE_STAT(ni, rx_decap); 703 goto err; 704 } 705 696 706 /* get to the tunneled headers */ 697 707 ath_hdr = (struct athl2p_tunnel_hdr *) 698 708 skb_pull(skb, sizeof(struct ether_header) + LLC_SNAPFRAMELEN); 699 /* ignore invalid frames */ 700 if(ath_hdr == NULL) 709 eh_tmp = (struct ether_header *) 710 skb_pull(skb, roundup(sizeof(struct athl2p_tunnel_hdr) - 2, 4) + 2); 711 /* sanity check for malformed 802.3 length */ 712 frame_len = ntohs(eh_tmp->ether_type); 713 if (skb->len < roundup(sizeof(struct ether_header) + frame_len, 4)) { 714 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT, 715 ni->ni_macaddr, "data", "%s", "decap error"); 716 vap->iv_stats.is_rx_decap++; 717 IEEE80211_NODE_STAT(ni, rx_decap); 701 718 goto err; 702 719 } 720 703 721 /* only implementing FF now. drop all others. */ 704 722 if (ath_hdr->proto != ATH_L2TUNNEL_PROTO_FF) { … … 713 731 vap->iv_stats.is_rx_ffcnt++; 714 732 715 /* move past the tunneled header, with alignment */716 skb_pull(skb, roundup(sizeof(struct athl2p_tunnel_hdr) - 2, 4) + 2);717 718 733 skb1 = skb_clone(skb, GFP_ATOMIC); /* XXX: GFP_ATOMIC is overkill? */ 719 eh_tmp = (struct ether_header *)skb->data;720 721 /* ether_type must be length*/722 frame_len = ntohs(eh_tmp->ether_type);723 734 724 735 /* we now have 802.3 MAC hdr followed by 802.2 LLC/SNAP. 
convert to DIX */ … … 730 741 /* prepare second tunneled frame */ 731 742 skb_pull(skb1, roundup(sizeof(struct ether_header) + frame_len, 4)); 732 eh_tmp = (struct ether_header *)skb1->data;733 frame_len = ntohs(eh_tmp->ether_type);734 743 athff_decap(skb1); 735 744 … … 2735 2744 } 2736 2745 2746 /* IEEE802.11 does not specify the allowed range for 2747 * beacon interval. We discard any beacons with a 2748 * beacon interval outside of an arbitrary range in 2749 * order to protect against attack. 2750 */ 2751 if (!(IEEE80211_BINTVAL_MIN <= scan.bintval && 2752 scan.bintval <= IEEE80211_BINTVAL_MAX)) { 2753 IEEE80211_DISCARD(vap, IEEE80211_MSG_SCAN, 2754 wh, "beacon", "invalid beacon interval (%u)", 2755 scan.bintval); 2756 return; 2757 } 2758 2737 2759 /* 2738 2760 * Count frame now that we know it's to be processed. … … 2862 2884 memcpy(ni->ni_tstamp.data, scan.tstamp, 2863 2885 sizeof(ni->ni_tstamp)); 2864 ni->ni_intval = scan.bintval;2886 ni->ni_intval = IEEE80211_BINTVAL_SANITISE(scan.bintval); 2865 2887 ni->ni_capinfo = scan.capinfo; 2866 2888 ni->ni_chan = ic->ic_curchan; … … 3286 3308 ni->ni_rstamp = rstamp; 3287 3309 ni->ni_last_rx = jiffies; 3288 ni->ni_intval = bintval;3310 ni->ni_intval = IEEE80211_BINTVAL_SANITISE(bintval); 3289 3311 ni->ni_capinfo = capinfo; 3290 3312 ni->ni_chan = ic->ic_curchan; tags/release-0.9.3.1/net80211/ieee80211_node.c
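Review bot: The first length check in the fast-frame decap path stops at the end of the tunnel header, so `frame_len = ntohs(eh_tmp->ether_type)` can still read past the received data when nothing, or less than an Ethernet header, follows the tunnel header. The second check rejects such a frame only after that read has happened; adding `+ sizeof(struct ether_header)` to the right-hand side of the first check would cover the inner header before it is dereferenced. The second check also guarantees only that the first tunneled frame fits: after `skb_pull(skb1, roundup(sizeof(struct ether_header) + frame_len, 4))` the remainder may be shorter than an Ethernet header, and whether `athff_decap(skb1)` tolerates that cannot be seen here. The enclosing function begins and ends outside the hunk.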
r2083 r2366 665 665 ni->ni_rstamp = se->se_rstamp; 666 666 ni->ni_tstamp.tsf = se->se_tstamp.tsf; 667 ni->ni_intval = se->se_intval;667 ni->ni_intval = IEEE80211_BINTVAL_SANITISE(se->se_intval); 668 668 ni->ni_capinfo = se->se_capinfo; 669 669 ni->ni_chan = se->se_chan; … … 1217 1217 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1218 1218 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1219 ni->ni_intval = sp->bintval;1219 ni->ni_intval = IEEE80211_BINTVAL_SANITISE(sp->bintval); 1220 1220 ni->ni_capinfo = sp->capinfo; 1221 1221 ni->ni_chan = ic->ic_curchan; tags/release-0.9.3.1/net80211/ieee80211_scan.h
r2030 r2366 131 131 u_int8_t fhindex; 132 132 u_int8_t erp; 133 u_int 8_t bintval;133 u_int16_t bintval; 134 134 u_int8_t timoff; 135 135 u_int8_t *tim; tags/release-0.9.3.1/net80211/ieee80211_var.h
r1988 r2366 61 61 #define IEEE80211_DTIM_DEFAULT 1 /* default DTIM period */ 62 62 63 #define IEEE80211_BINTVAL_MAX 500 /* max beacon interval (TU's) */63 #define IEEE80211_BINTVAL_MAX 1000 /* max beacon interval (TU's) */ 64 64 #define IEEE80211_BINTVAL_MIN 25 /* min beacon interval (TU's) */ 65 65 #define IEEE80211_BINTVAL_DEFAULT 100 /* default beacon interval (TU's) */ 66 #define IEEE80211_BINTVAL_VALID(_bi) \ 67 ((IEEE80211_BINTVAL_MIN <= (_bi)) && \ 68 ((_bi) <= IEEE80211_BINTVAL_MAX)) 69 #define IEEE80211_BINTVAL_SANITISE(_bi) \ 70 (IEEE80211_BINTVAL_VALID(_bi) ? \ 71 (_bi) : IEEE80211_BINTVAL_DEFAULT) 66 72 67 73 #define IEEE80211_BGSCAN_INTVAL_MIN 15 /* min bg scan intvl (secs) */ tags/release-0.9.3.1/net80211/ieee80211_wireless.c
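Review bot: `IEEE80211_BINTVAL_SANITISE(_bi)` expands its argument three times (twice through `IEEE80211_BINTVAL_VALID`, once as the result), which is harmless for the plain field reads at the call sites shown in this changeset but not for an argument with side effects. A comment above the two macros such as `/* NB: evaluates _bi more than once; pass only side-effect-free expressions */` would record that constraint. `IEEE80211_BINTVAL_MAX` appears to be raised from 500 to 1000 without a stated reason, so its trailing comment could say where the bound comes from, given that the new beacon check in ieee80211_input.c calls the range arbitrary. That beacon check open-codes the same comparison and could use `IEEE80211_BINTVAL_VALID(scan.bintval)` so that the two stay in step.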
r2103 r2366 1257 1257 struct ieee80211com *ic = vap->iv_ic; 1258 1258 1259 if (wrq->disabled) { 1260 if (ic->ic_flags & IEEE80211_F_PMGTON) { 1261 ic->ic_flags &= ~IEEE80211_F_PMGTON; 1262 goto done; 1263 } 1264 return 0; 1265 } 1259 /* XXX: These values, flags, and caps do not seem to be used elsewhere 1260 * at all? */ 1266 1261 1267 1262 if ((ic->ic_caps & IEEE80211_C_PMGT) == 0) 1268 1263 return -EOPNOTSUPP; 1264 1265 if (wrq->disabled) { 1266 if (ic->ic_flags & IEEE80211_F_PMGTON) 1267 ic->ic_flags &= ~IEEE80211_F_PMGTON; 1268 } else { 1269 1269 switch (wrq->flags & IW_POWER_MODE) { 1270 1270 case IW_POWER_UNICAST_R: 1271 1271 case IW_POWER_ALL_R: 1272 1272 case IW_POWER_ON: 1273 if (wrq->flags & IW_POWER_PERIOD) { 1274 if (IEEE80211_BINTVAL_VALID(wrq->value)) 1275 ic->ic_lintval = IEEE80211_MS_TO_TU(wrq->value); 1276 else 1277 return -EINVAL; 1278 } 1279 if (wrq->flags & IW_POWER_TIMEOUT) 1280 ic->ic_holdover = IEEE80211_MS_TO_TU(wrq->value); 1281 1273 1282 ic->ic_flags |= IEEE80211_F_PMGTON; 1274 break; 1275 default: 1276 return -EINVAL; 1277 } 1278 if (wrq->flags & IW_POWER_TIMEOUT) { 1279 ic->ic_holdover = IEEE80211_MS_TO_TU(wrq->value); 1280 ic->ic_flags |= IEEE80211_F_PMGTON; 1281 } 1282 if (wrq->flags & IW_POWER_PERIOD) { 1283 ic->ic_lintval = IEEE80211_MS_TO_TU(wrq->value); 1284 ic->ic_flags |= IEEE80211_F_PMGTON; 1285 } 1286 done: 1283 break; 1284 default: 1285 return -EINVAL; 1286 } 1287 } 1288 1287 1289 return IS_UP(ic->ic_dev) ? ic->ic_reset(ic->ic_dev) : 0; 1288 1290 } … … 2367 2369 vap->iv_opmode != IEEE80211_M_IBSS) 2368 2370 return -EINVAL; 2369 if (IEEE80211_BINTVAL_MIN <= value && 2370 value <= IEEE80211_BINTVAL_MAX) { 2371 if (IEEE80211_BINTVAL_VALID(value)) { 2371 2372 ic->ic_lintval = value; /* XXX multi-bss */ 2372 2373 retv = ENETRESET; /* requires restart */ … … 3622 3623 struct ieee80211vap *vap = dev->priv; 3623 3624 int *param = (int *) extra; 3624 int ac = (param[1] < WME_NUM_AC) ? 
param[1] : WME_AC_BE; 3625 int ac = (param[1] >= 0 && param[1] < WME_NUM_AC) ? 3626 param[1] : WME_AC_BE; 3625 3627 int bss = param[2]; 3626 3628 struct ieee80211_wme_state *wme = &vap->iv_ic->ic_wme; … … 3710 3712 struct ieee80211vap *vap = dev->priv; 3711 3713 int *param = (int *) extra; 3712 int ac = (param[1] < WME_NUM_AC) ? param[1] : WME_AC_BE; 3714 int ac = (param[1] >= 0 && param[1] < WME_NUM_AC) ? 3715 param[1] : WME_AC_BE; 3713 3716 struct ieee80211_wme_state *wme = &vap->iv_ic->ic_wme; 3714 3717 struct chanAccParams *chanParams = (param[2] == 0) ? tags/release-0.9.3.1/release.h
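Review bot: In the `IW_POWER_PERIOD` branch the range test `IEEE80211_BINTVAL_VALID(wrq->value)` is applied to the raw request value, while the value stored in `ic->ic_lintval` is `IEEE80211_MS_TO_TU(wrq->value)` and the bounds are documented in TUs. The check therefore validates a different unit from the one stored, and a request near either bound may land outside the range after conversion (the conversion macro's definition is not on this page). Validating the converted value closes that gap: `if (!IEEE80211_BINTVAL_VALID(IEEE80211_MS_TO_TU(wrq->value))) return -EINVAL;`. In the `IW_POWER_TIMEOUT` branch `ic->ic_holdover` is still assigned from the same `wrq->value` with no bound at all, which deserves either a check or a comment saying why none is needed. The function's start lies outside the hunk.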
r2200 r2366 42 42 #define RELEASE_VERSION SVNVERSION 43 43 #else 44 #define RELEASE_VERSION "0.9.3 "44 #define RELEASE_VERSION "0.9.3.1" 45 45 #endif
